红帽全球峰会2.5. IBM Cloud VPC IAM 策略和 API 密钥
要将 OpenShift Container Platform 安装到 IBM Cloud 帐户中,安装程序需要一个 IAM API 密钥,它提供访问 IBM Cloud 服务 API 的身份验证和授权。您可以使用包含所需策略的现有 IAM API 密钥或创建新策略。
有关 IBM Cloud IAM 概述,请参阅 IBM Cloud 文档。
2.5.1. 先决条件权限
| 角色 | 权限 |
|---|---|
| Viewer, Operator, Editor, Administrator, Reader, Writer, Manager | <resource_group> 资源组中的互联网服务 |
| Viewer, Operator, Editor, Administrator, User API key creator, Service ID creator | IAM Identity Service 服务 |
| Viewer, Operator, Administrator, Editor, Reader, Writer, Manager, Console Administrator | <resource_group> 资源组中的 VPC Infrastructure Services 服务 |
| Viewer |
资源组 :查看资源组本身的访问权限。资源类型应等于 |
2.5.2. cluster-creation 权限
| 角色 | 权限 |
|---|---|
| Viewer | <resource_group> (为您的团队创建资源组) |
| Viewer, Operator, Editor, Reader, Writer, Manager | Default 资源组中的所有服务 |
| Viewer, Reader | 互联网服务 |
| Viewer, Operator, Reader, Writer, Manager, Content Reader, Object Reader, Object Writer, Editor | 云对象存储服务 |
| Viewer |
默认资源组: 资源类型应等于 |
| Viewer, Operator, Editor, Reader, Manager | <resource_group> 资源组中的 Power Systems Virtual Server 服务 |
| Viewer, Operator, Editor, Reader, Writer, Manager, Administrator | <resource_group> 资源组中的 Internet Services 服务:CIS 功能范围字符串等于可靠性 |
| Viewer, Operator, Editor | 直接链接服务 |
| Viewer, Operator, Editor, Administrator, Reader, Writer, Manager, Console Administrator | VPC Infrastructure Services 服务 <resource_group> 资源组 |
2.5.3. 访问策略分配
在 IBM Cloud IAM 中,访问策略可附加到不同的主题:
- 访问组(推荐)
- 服务 ID
- 用户
建议的方法是在访问组中定义 IAM 访问策略。这有助于组织 OpenShift Container Platform 所需的所有访问权限,并可让您向这个组注册用户和服务 ID。如果需要,您还可以为 用户和服务 ID 分配访问权限。
2.5.4. 创建 API 密钥
您必须为 IBM Cloud 帐户创建用户 API 密钥或服务 ID API 密钥。
先决条件
- 您已为 IBM Cloud 帐户分配了所需的访问策略。
- 您已将 IAM 访问策略附加到访问组或其他适当的资源。
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}